# PRINTER RUSH 0 

(PTO ASSISTANCE) 



Application : Q^j ( Examiner : VPN W 



From: 



Location: (iPc) FMF FDC 



GAU : 



Date: 



2(52. 



Tracking #: QfoH GSH's Week Date: ^-<$Q~-QS ~ 



DOC CODE 

□ 1449 

□ ids 

□ CLM 

□ iIFW 

□ SRFW 

□ drw 

□ oath 

□ 312^ 

□'Spec 



DOC DATE 



MISCELLANEOUS 

I I Continuing Data 
I I Foreign Priority 
I I Document Legibility 
I I Fees 
□ Other 



trushi MESSAGE: $>P&U F/C#tfOM Page ^/. ^f /2> ; P*** <T 
Uhe n^s-f/Kig ITJ, Pert- tyj?. A/o J r 



[XRUSH] RESPONSE: ( I 



INITIALS:^ 



NOTE: This form will be included as part of the official USPTO record, with the Response 
document coded as XRUSH. 
REV 10/04 



value for that field falls within the range specified by the rule. 

Filter rules can interact based on the priority for the filter rule. Suppose that 
two filter rules are defined such that they intersect, where the first filter rule is an 
exception to the second filter rule. A packet matching the first filter rule would also 
match the second filter rule. A packet matching the second filter rule will not 
necessarily match the first filter rule. The second filter rule can be viewed as a default 
rule. In such a case, the first filter rule must be of higher priority than the second filter 
rule to ensure that when a packet matches both filter rules that the first filter rule 
dominates. 

Figure 2 depicts a high-level flow chart of a conventional method 50 for determining 

which, if any, filter rules to enforce for a particular packet. The method 50 is described 

Of/3/Z/Vf 

more fully in co-pending U.S. Patent Application Serial No,^ entitled "System and 

Method and Computer Program for Filtering Using Tree Structure" 
(RAL919990006US4) filed on 10/19/1999 and assigned to the assignee of the present 
invention. Applicant hereby incorporates by reference the above-mentioned co- 
pending patent application. The method 50 is typically performed by the network 
processor 42. The possible filter rules which can match the key are narrowed to a set of 
remaining filter rules. This is done via step 52 which eliminates rules which cannot match 
the key. Step 52 can be accomplished using a decision tree. A decision tree contains nodes 
which perform a test, branches which indicate where in the decision tree to go based on the 
test, and leaves which correspond to some number of filter rules. At each node of the 
decision tree, a single bit of the key is tested. Based on the results of a test at a node, a 
different branch is taken. The branch can lead to another node or to a leaf. Each node thus 
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example be determined using a method described in co-pending U.S. Patent 
Application Serial No y^ entitled System Method and Computer Program for 
Prioritizing Filter Rules" (RAL919990048US1) filed on March 31, 2000 and assigned to 
the assignee of the present application. Applicant hereby incorporates by reference the 
above-mentioned co-pending patent application. The statistics indicate a frequency of 
enforcement for each of the plurality of filter rules. The method and system also comprise 
placing the plurality of filter rules in an order for testing against the key. The order is based 
on the frequency of each filter rule of the portion of the plurality of filter rules. 

The present invention will be described in terms of a particular network processor in 
a switch. However, one of ordinary skill in the art will readily recognize that the method and 
system operate effectively when used in a different network processor or for a network 
processor in another component, such as a router. The present invention is also described in 
the context of certain methods having particular steps. In addition, one of ordinary skill in 
the art will readily realize that, for clarity, certain steps have been omitted. Thus, the method 
and system in accordance with the present invention are consistent with other or additional 
steps. 

To more particularly illustrate the method and system in accordance with the present 
invention, refer now to Figure 3, depicting one embodiment of a method 100 in accordance 
with the present invention for ordering filter rules for testing of a key. The method 100 is 
preferably used in a network processor, such as the network processor 42 of Figure IB. 
Consequently, the method 100 of Figure 3 will be described in conjunction with the network 
1, the switch 10 and the network processor 42. However, one of ordinary skill in the art will 
readily recognize that the method 100 is consistent with other components performing some 
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